Should I pursue CISSP

I am currently working as level 3 desktop support but really want to get into the security field.
My initial plan was to first take the SSCP and then CISSP but from speaking to recruiters, SSCP is not sought after in my area.
On the other hand, nearly all security job spec's have CISSP on them.

The question is, without having working experience in security, is it worth my while gaining CISSP?
Im just not sure if companies would have any interest if I dont have the security experience to go along with it.

Thanks!

0

Comments

I'd look over the domains listed for the CISSP and check to see if you may have filled some the requirements they are looking for.... Alot of stuff fits in those domains even if your title doesn't say Security in it.

1. How many years have you been working in technology? If you don’t have the full 4 or 5 (see website), then you can get it right now anyways.

2. Will your employer pay for any? Getting some from GIAC with SANS training, or a vendor security cert like Cisco could help you break into the field. Honestly if you just have a CISSP, don’t be surprised if you get a lot of compliance based jobs calling. Eventually one way or another, you will have to get he CISSP but research skills that are desired for specific jobs you want and try to match those.

If you want to work in the security field i would say yes get the cert. Its mostly security theory and you will have to find out how to apply that theory to your job.

Also every job i have ever worked in this field came with a few weeks of train up on how to things the companies way. Ask a lot of questions and take some of your time to learn what ever you need to learn and you should be good

I can give you some feedback from the government contractor perspective. I have been interviewing candidates for Information System Security Engineer (Security +) and Information System Security Manager (CISSP or CAP) positions for the past 4 months.

Given your current experience level in cybersecurity I would suggest not going for the CISSP but another credential such as Security +. Security + will allow you to get your foot in the door much quicker. Should take you about 6 weeks to study for at most. There is no years of experience to get the credential as there is with CISSP.

Security + will qualify you for positions as an Information System Security Engineer (ISSE). Given the current job market, we have hired people with Security+ and no experience because it is so difficult to find people. We look at potential and team fit when the person does not have experience. If I am interviewing someone with a CISSP and no experience, I consider them at the same level as someone with Security +.

Once you get your foot in the door, then start studying for CISSP or another higher credential. The key is getting your foot in the door and getting experience. Always be studying for your next credential or at least have an idea what you are going to do next.

If you are considering government contracting take a look at DOD 8570 which spells out the certifications needed for cybersecurity professionals in the government. Focus on the first two rows, IAT and IAM.